I believe I’ve waited long enough for them to tell me how my account was hacked instantly, they told me nothing. I got a refund.
But I pointed the domains to their server, and it had some PHP script that is put on compromised sites. I didn’t upload anything. I was getting an internal server error, and eventually it loaded, had no idea what it was, or how it got on there.
Another domain, in a different folder, same thing.
So either, using DuckDuckGo’s email, is a bad idea, and somebody got the password for my account, or the server was hacked. Can’t tell you which, they never said anything else.
They will most likely say I uploaded the suspicious PHP file, you’ll see on my drives, I don’t and never have had it. If they didn’t refund and delete it so quickly, they could have determined I didn’t upload it.
It’s possible in a server log somewhere, it says I never uploaded anything.
Using CloudLinux doesn’t mean it’s secure and can’t be hacked. Anything can be hacked. But I can see, their hosting is no more secure, then using a self managed VPS, possibly less secure, but you’ll have to email them and ask what happened. Now if they got the password because it was sent to a DuckDuckGo email that is forwarded to my real email, then DuckDuckGo isn’t secure.
It’s on shared hosting, from a different provider. Nothing hacked yet. Only one site is using WordPress, other sites are static. I won’t name the host, as then somebody will say I work for the other host or some bullshit.
The last reply was 21 d 22 hr ago. And the ticket is closed of course.
The other possibility is whatever is sending the email with my account password, was comprised. Or somewhere along the line, somebody could read it.
Looking at the first ticket I sent, looks like it was some kind of file manager. I don’t recall much, 21 days is a long time ago.
All I know, is I didn’t put that file manager on there. Why would I want a file manager? They even said the index.php isn’t default. You’d think they would be interested in what happened.
Their hosting might be cheaper then the provider I have now, and have a better location. Too bad it came with a file manager, that is installed to hacked sites.
Still cheaper then BuyVM, so who cares. I’m too lazy to manager a server, and bots make it slow.